Hi Bill, the roles are defined at realm level. Frontend and backend applications have a scope mapping with assigned roles "user" under the menu "Realm Roles". > Where are your roles defined? At the realm level? At the application > level? If they are defined at the realm level you need to define a > scope for the application. Go to the admin console. The application > link for your front-end application. Go to the scope menu item and add > the realm roles to the scope for the front-end application > Build and deploy the preconfigured demo and view the realm in the admin > console. You will see a similar setup where the "customer-portal" and > "product-portal" apps have their scope set to the realm level roles. > Scope is the set of roles an application or oauth client is allowed to > ask for. -- Davide _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user